So for example when the user logged in I would make 2 sessions like so:
$_SESSION['user_id'] = $user_id; $_SESSION['secure_hash'] = $user_sha1_password;
Also if the user selected to automatically login I created 2 cookies:
setcookie("autologin_userid", $user_id, time() + 31536000, "/Example", "example.com", 0); setcookie("autologin_secure", $user_sha1_password, time() + 31536000, "/Example", "example.com", 0);
Then I would check the stored hashed password from cookies/sessions with the one that was stored in the database.
Now is this actually making my system more secure than if I just stored the user's id in the session/cookie or is it making it less secure?